This was brought about by problems I encountered while working for Kangare Software Engineering in Kiribati. We had a number of Red Hat 7.3 machines operating as Primary Domain Controllers (PDC) for clients and wanted to migrate the servers to Debian. As some of the clients had over 40 workstations, we didn't want to have to re-join the domain for every workstation and required a way to transparently migrate to a new PDC.
This assumes you have Samba set up as a PDC with machines joined to the domain and users logging on correctly. Information about joining Win2k and XP machines to a Samba domain is available elsewhere on the web.
The test setup consisted of the following machines:
I used Debian on both the servers, but this should all be distro independent anyway
and store it somewhere safesrv1:~# smbpasswd -X TEST SID for domain TEST is: S-1-5-21-4114446979-1452487925-2869499296
Merge the old and new passwd,shadow and group files, you'll need to copy both the user accounts and the machine accounts (the ones that end in a '$' ).
So for example, I copied the following out of /etc/passwd:
The shadow and group files are similar.simon:x:1000:1000:simmo:/home/simon:/bin/bash test-xp$:x:1001:100::/home/test-xp:/bin/false quigon$:x:1002:100::/home/quigon$:/bin/false jack:x:1003:1003:Jack:/home/jack:/bin/bash
Copy over the home directories, and use chown to set the proper ownership
Copy the smbpasswd and smb.conf files to /etc/samba
smbpasswd -W S-1-5-21-4114446979-1452487925-2869499296
Upon logging in on the Windows 2000 Desktop first, I got the following error:
Windows did not load your roaming profile and is attempting to log you in without your local profile...A bit of Googling turned up this. As mentioned, adding
To the share that holds the profiles solved that problem (in this case [homes])profile acls = Yes
Well it seems to work. Both machines can login again and profiles appear to be working. The Windows 2k machine has decided to stop logging out but it was doing that intermittently before I started so I don't think it's related.
Comments / Additions ? email nomis52 <AT> westnet.com.au